On Thu, Dec 4, 2025 at 9:24 AM Frank Ch. Eigler <[email protected]> wrote:
>
> Hi -
>
> > My particular use case is for bpf-based linux kernel
> > tracing. When tracing a kernel function, the user would like
> > to know the actual signature. This is critical. [...]
>
> More precisely, the tracer tool needs to know which formal parameters
> of a function actually survived past optimization, and where to find
> the values at run time. The answer to both questions is to parse the
> location lists.
Let us say there is a kernel function map_create().
The source signature:
typedef struct {
union {
void *kernel;
void __user *user;
};
bool is_kernel : 1;
} sockptr_t;
typedef sockptr_t bpfptr_t;
static int map_create(union bpf_attr *attr, bpfptr_t uattr) { ... }
Eventually after optimization, it becomes:
static int map_create(union bpf_attr *attr, bool is_kernel) { ... }
The dwarf:
0x0186ac83: DW_TAG_subprogram
DW_AT_low_pc (0xffffffff814a7f10)
DW_AT_high_pc (0xffffffff814a83fb)
DW_AT_frame_base (DW_OP_reg7 RSP)
DW_AT_call_all_calls (true)
DW_AT_name ("map_create")
DW_AT_decl_file ("/home/yhs/work/bpf-next/kernel/bpf/syscall.c")
DW_AT_decl_line (1375)
DW_AT_prototyped (true)
DW_AT_calling_convention (DW_CC_nocall)
DW_AT_type (0x0184e0af "int")
...
0x0186acbe: DW_TAG_formal_parameter
DW_AT_location (indexed (0x2b4) loclist = 0x00256a5c:
[0xffffffff814a7f15, 0xffffffff814a7f34): DW_OP_reg5 RDI
[0xffffffff814a7f34, 0xffffffff814a7f53): DW_OP_reg3 RBX
[0xffffffff814a7f53, 0xffffffff814a7f6a):
DW_OP_entry_value(DW_OP_reg5 RDI), DW_OP_stack_value
[0xffffffff814a7f6a, 0xffffffff814a8392): DW_OP_reg3 RBX
[0xffffffff814a83b8, 0xffffffff814a83c6):
DW_OP_entry_value(DW_OP_reg5 RDI), DW_OP_stack_value
[0xffffffff814a83c6, 0xffffffff814a83fb): DW_OP_reg3 RBX)
DW_AT_name ("attr")
DW_AT_decl_file
("/home/yhs/work/bpf-next/kernel/bpf/syscall.c")
DW_AT_decl_line (1375)
DW_AT_type (0x0184e29d "bpf_attr *")
0x0186acca: DW_TAG_formal_parameter
DW_AT_location (indexed (0x2b3) loclist = 0x00256a31:
[0xffffffff814a7f15, 0xffffffff814a7f34):
DW_OP_piece 0x8, DW_OP_reg4 RSI, DW_OP_piece 0x1
[0xffffffff814a7f34, 0xffffffff814a7f64):
DW_OP_piece 0x8, DW_OP_reg6 RBP, DW_OP_piece 0x1
[0xffffffff814a7f6a, 0xffffffff814a83fb):
DW_OP_piece 0x8, DW_OP_reg6 RBP, DW_OP_piece 0x1)
DW_AT_name ("uattr")
DW_AT_decl_file
("/home/yhs/work/bpf-next/kernel/bpf/syscall.c")
DW_AT_decl_line (1375)
DW_AT_type (0x0186a002 "bpfptr_t")
Not sure how to recover the true signature from the above?
>
> - FChE
>
--
Dwarf-discuss mailing list
[email protected]
https://lists.dwarfstd.org/mailman/listinfo/dwarf-discuss
